Medium severity4.8NVD Advisory· Published Apr 1, 2026· Updated Apr 3, 2026

CVE-2026-20087

Description

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.

This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco IMC web interface has a stored XSS allows authenticated admin to inject scripts via insufficient input validation.

Vulnerability

Overview

CVE-2026-20087 is a stored cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC). The root cause is insufficient validation of user-supplied input, which allows an authenticated attacker with administrative privileges to inject arbitrary script code [1].

Exploitation

An attacker must first authenticate to the Cisco IMC web interface with administrative credentials. The exploit requires the attacker to craft a malicious link and persuade a user interaction (clicking the link) from a targeted user of the same interface. No additional network access is needed beyond the management interface [1].

Impact

Successful exploitation enables the attacker to execute arbitrary script code in the victim's browser within the context of the IMC web interface. This could lead to access to sensitive browser-based information, such as session tokens or other data accessible through the affected by the same-origin policy [1].

Mitigation

Cisco has released software updates to address this vulnerability. There are no workarounds. Affected products include 5000 Series ENCS, Catalyst 8300 Series Edge uCPE, UCS C-Series M5/M6 rack servers, and UCS E-Series servers [1].

References

Cisco Security Advisory: Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./IMCllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVABnvd

News mentions

No linked articles in our index yet.

cvss	0.312
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000